1 of 13

WLAN SSID Availability

Configuration Guide

Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA https://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387)

2 of 13

Overview ____________________________________________________________________ 3

Configuration ________________________________________________________________ 3

Time Zone and Daylight Saving Time Configuration _______________________________________ 3

Calendar Profile Configuration ________________________________________________________ 4 Configuration via CLI ______________________________________________________________________ 4 Configuration via Cisco DNA Center Configuration Template ______________________________________ 6

Embedded Event Manager (EEM) Applet Configuration (Optional) __________________________ 10

Wireless Policy Profile Configuration __________________________________________________ 12

3 of 13

Overview WLAN availability on the Cisco Catalyst 9800 Wireless LAN Controller (WLC) allows for users to schedule the specific time range for when a WLAN will be enabled. Outside of that time range, the WLC will prevent the SSID for the WLAN from being broadcasted and users from connecting to the network. This is implemented using Calendar Profiles to define the schedule and the Wireless Policy Profiles to define whether the WLAN will be enabled during that time. For WLCs that manage access points in multiple time zones, the Calendar Profile scheduling times can be adjusted so that the WLANs in those areas will be enabled at the correct times. This guide will cover how to:

• Set the correct time zone and Daylight Saving Time (DST) settings on the WLC

• Configure Calendar Profiles for each time zone managed

• Automatically adjust time differences for time zones that don’t observe DST using Embedded Event Manager (EEM) applets

• Configure Wireless Policy Profiles to enable the WLANs using the Calendar Profiles

Configuration Time Zone and Daylight Saving Time Configuration After setting the NTP server, set the correct time zone for the WLC as well as when daylight saving time (DST) occurs each year. This will ensure that the defined times that clients can connect to the WLAN will remain correct throughout the year. The command to set the time zone is shown below. This will be the time zone name when the location is not on daylight saving time. clock timezone <Time Zone Abbreviation> <hours-offset> <minutes-offset>

When configuring daylight saving time, it is important to note that DST begins and ends at the same time each year. For example, in the United States, DST begins at 02:00 on the second Sunday of March and ends at 02:00 on the first Sunday of November each year. Thus, it will need to be configured to start and end on a reoccurring schedule. The command to do so is shown below. clock summer-time <DST Time Zone Abbreviation> recurring <Start Week> <Start Day>

<Start Month> <Start Time hh:mm> <End Week> <End Day> <End Month> <End Time hh:mm>

When configuring, make note of when DST starts and ends in the area local to the WLC as the range differs based on country. An example configuration for the time zone and DST on a Catalyst 9800 in California, United States, is shown below.

4 of 13

clock timezone PST -8 0

clock summer-time PDT recurring 2 Sunday March 02:00 1 Sunday November 02:00

Since California follows Pacific Time, its clock offset is set to 8 hours behind UTC time when not on DST. During this time, its time zone is called Pacific Standard Time (PST). To account for daylight saving time in the United States, it has a yearly reoccurring schedule to adjust the time for DST starting second Sunday of March at 02:00 and ending at 02:00 on the first Sunday of November. During this time, the time zone changes to Pacific Daylight Time (PDT).

Calendar Profile Configuration The Wireless Calendar Profile defines the times and days in which clients can connect to the WLAN each day. When configuring WLAN availability for different time zones, a Calendar Profile will need to be configured for each time zone.

• Note: Credit to Jiri Brejcha for demonstrating how to use the Calendar Profile to configure WLAN availability (https://www.jiribrejcha.net/2020/08/schedule-wlan-availability-on-catalyst-9800-series-wireless-lan-controllers/)

Configuration via CLI To define the Calendar Profile for the workweek in the local time zone of the WLC, go to the CLI of the device and enter the commands below in global configuration mode. wireless profile calender-profile name <Calendar Profile Name>

day <Day 1 of Week to Apply>

.

.

.

day <Day X of Week to Apply>

recurrance weekly

start <HH:MM:SS> end <HH:MM:SS>

The configuration below is for a Monday to Saturday workweek with business hours from 8:00 AM to 5:00 PM. Depending on the workdays, more or less days can be added, and the start and end times can be changed. wireless profile calender-profile name Pacific_Workdays_8am_to_5pm

day Monday

day Tuesday

day Wednesday

day Thursday

day Friday

day Saturday

recurrance weekly

start 08:00:00 end 17:00:00

For other time zones, the configuration will be similar except the start and end times will need to be changed to reflect the time as it would be observed in the time zone local to the WLC. The following configurations show the Calendar Profile for Eastern Time with the start and end time

5 of 13

adjusted to be 3 hours ahead of Pacific Time. Thus, in order for the WLAN Availability to be 08:00 to 17:00 in Eastern Time, the configured times will be 05:00 and 14:00 in Pacific Time. wireless profile calender-profile name Eastern_Workdays_8am_to_5pm

day Monday

day Tuesday

day Wednesday

day Thursday

day Friday

day Saturday

recurrance weekly

start 05:00:00 end 14:00:00

In this case, Eastern Time also observes daylight saving time. However, if there are offices in time zones that do not observe DST, extra care needs to be taken when entering in the correct start and end times for the Calendar Profile. The example below is for offices in Hawaii, which follow Hawaiian-Aleutian Standard Time (HST). Hawaii does not observe DST, so its time in relation to areas that observe DST will change throughout the year. During daylight saving, Hawaii is 3 hours behind the California-based Catalyst 9800. Thus, if configuring during DST, the configuration will have the Hawaiian offices’ WLAN enabled during 11:00 to 20:00 Pacific Time.

6 of 13

wireless profile calender-profile name Hawaii_Workdays_8am_to_5pm

day Monday

day Tuesday

day Wednesday

day Thursday

day Friday

day Saturday

recurrance weekly

start 11:00:00 end 20:00:00

However, outside of daylight saving time, Hawaii is 2 hours behind the California-based Catalyst 9800. Thus, when configuring outside of DST, the configuration will have the Hawaiian offices’ WLAN enabled during 10:00 to 19:00 Pacific Time. wireless profile calender-profile name Hawaii_Workdays_8am_to_5pm

day Monday

day Tuesday

day Wednesday

day Thursday

day Friday

day Saturday

recurrance weekly

start 10:00:00 end 19:00:00

To adjust for these time differences over the year, please go to the section EEM Applet Configuration.

Configuration via Cisco DNA Center Configuration Template The Calendar Profiles can also be configured on the WLC during the provisioning process in Cisco DNA Center using the configuration templates. The configuration template for the Calendar Profile can be found HERE. After importing the configuration template, apply the template to the network profile for site where the WLC is assigned to. To do this, navigate to Design Network Profiles.

Either click Add Profile to create a new network profile or Edit to add the configuration template to an existing profile.

7 of 13

In the Attach Templates section,

1. Click Add. 2. For the Device Type, select either Cisco Catalyst 9800 Series Wireless Controllers or

Cisco Catalyst 9800 Series Wireless Controllers for Cloud. 3. For the Template, select Time Zone Calendar Profile. 4. Click Save to apply to device.

To apply the network profile, the WLC will need to be provisioned. Navigate to Provision Inventory.

Locate the 9800 that needs to be provisioned and complete the following steps.

1. Select the device checkbox. 2. Click on Actions Provision Provision Device. 3. For Tabs 1 through 3, configure the required settings and navigate to Tab 4 Advanced

Configuration.

8 of 13

4. In the Time Zone to Manage field, enter either the time zone name (ex. Central) or the abbreviation (CT).

a. The name can be a max of 32 characters. b. If multiple words are required for the title, use the underscore character “_” to

separate them (ex. Pacific_Standard). 5. Select all the days of the week where the WLAN should be enabled. 6. Enter the start and end times local to the time zone of the WLC. The time will need to be

entered in 24-hour time format. a. For example, if the WLC is located in the Pacific time zone, the start and end

times for an 08:00:00 to 17:00:00 day in the Central time zone will be entered as 06:00:00 to 15:00:00. This reflects how Central Time is 2 hours ahead of Pacific Time.

7. Click Next. 8. In the Summary Tab, click Deploy. 9. In the Provision Device pop-up, choose when DNA Center should provision the device

and click Apply. a. Optionally, the task name can be changed as well.

10. Back in the inventory dashboard, ensure that the Provision Status shows as Success. 11. Repeat Steps 1-10 for each time zone that the WLC will manage.

9 of 13

10 of 13

Embedded Event Manager (EEM) Applet Configuration (Optional) In order to automate the adjusting of the time differences for time zones that either do not support daylight saving or start and end DST at different times during the year, EEM applets can be configured to change the Calendar Profile times at the start and end of DST. If all the configured time zones observe DST and start and end DST at the same time, EEM applets are not required. In this situation, the clock summer-time configuration will need to be disabled. This is because the EEM applets will be triggered when daylight saving time starts/end, which will be the same time where the clock summer-time command changes the clock time. This will prevent the EEM applets from triggering correctly. Thus, by removing it, the EEM applets will trigger as expected. Since clock summer-time is removed, the EEM applets will need to have actions that adjust the time zone and clock offset of the WLC to reflect DST. The EEM applet for the start of DST is shown below. event manager applet Start_Of_DST

event timer cron name DST_Start cron-entry "0 2 8-14 3 *"

action 1.0 cli command "enable"

action 2.0 cli command "show clock"

action 2.1 syslog msg "$_cli_result"

action 3.0 regexp "Sun" "$_cli_result"

action 3.1 if $_regexp_result eq "1"

action 3.2 syslog msg "Start of Daylight Savings. Changing clock time zone."

action 4.0 cli command "configure terminal"

action 4.1 cli command "clock timezone PDT -7 0"

action 5.0 syslog msg "Starting HST Calendar Profile - Adjusting for Pacific Time

w/ DST - 3 Hours Behind"

action 5.1 cli command "wireless profile calender-profile name

Hawaii_Workdays_8am_to_5pm"

action 5.2 cli command "start 11:00:00 end 20:00:00"

action 5.3 cli command "end"

action 5.4 syslog msg "Finished HST Calendar Profile"

action 5.5 end

action 6.0 syslog msg "Finished all DST changes."

• CRON-entry “0 2 8-14 3 *”: The applet uses a CRON string to trigger it to start. Due to CRON strings being unable to specify running on the second Sunday of March at 02:00, the CRON string will trigger the applet at 02:00 on all the possible dates in March that can be the second Sunday (3/8 – 3/14).

• Actions 2.0 – 3.2: Whenever, the applet is triggered, it gets the current day of the week (sh clock) command and checks to see if the day is Sunday (regexp "Sun" "$_cli_result"). If it is Sunday, the applet will continue with the necessary configurations.

• Actions 4.0 – 4.1: The time zone is changed to reflect the DST change. In the example, Pacific Standard Time (UTC offset of -8) is changed to Pacific Daylight Time (UTC offset of -7).

11 of 13

• Actions 5.0 - 5.5: The Calendar Profile for the time zones that do not observe DST has its start and end time configurations changed to match its time difference to the WLC. In this case, Hawaii will now have a 3-hour time difference to the WLC.

When DST comes to an end, another EEM applet can be triggered to adjust the configurations to reflect the time changes. event manager applet End_Of_DST

event timer cron name DST_End cron-entry "0 2 1-7 11 *"

action 1.0 cli command "enable"

action 2.0 cli command "show clock"

action 2.1 syslog msg "$_cli_result"

action 3.0 regexp "Sun" "$_cli_result"

action 3.1 if $_regexp_result eq "1"

action 3.2 syslog msg "End of Daylight Savings. Changing clock time zone."

action 4.0 cli command "configure terminal"

action 4.1 cli command "clock timezone PST -8 0"

action 5.0 syslog msg "Starting HST Calendar Profile - Adjusting for Pacific Time

w/ DST - 2 Hours Behind"

action 5.1 cli command "wireless profile calender-profile name

Hawaii_Workdays_8am_to_5pm"

action 5.2 cli command "start 10:00:00 end 19:00:00"

action 5.3 cli command "end"

action 5.4 syslog msg "Finished HST Calendar Profile"

action 5.5 end

action 6.0 syslog msg "Finished all DST changes."

• CRON-entry “0 2 1-7 11 *”: The same logic applies here except DST ends at 02:00 on the first Sunday of November. The CRON string will trigger the applet on all the dates in November that can be the first Sunday (11/1 – 11/7) and check if the current day is Sunday. If so, the Calendar Profile will be adjusted.

• Actions 4.0 – 4.1: The time zone is changed to reflect the end of DST. In the example, Pacific Daylight Time (UTC offset of -7) is changed to Pacific Savings Time (UTC offset of -8).

• Actions 5.0 - 5.5: The Calendar Profile for the time zones that do not observe DST has its start and end time configurations changed to match its time difference to the WLC. In this case, Hawaii will now have a 2-hour time difference to the WLC.

The above two applets can be edited to also account for managed areas in time zones that start and end DST at different times than the area of the WLC. To do so, the CRON-entry will need to be changed. The format of the string is: <Minute> <Hour> <Days of the Month> <Month> <Days of the Week>

For more information about configuring the EEM applets, please see https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/eem/command/eem-cr-book.html

12 of 13

Wireless Policy Profile Configuration After creating the Calendar Profile, it will need to be applied to a Wireless Policy Profile. This is the step where the WLAN availability for each region is configured. As with the Calendar Profile, there will need to be a Wireless Policy Profile created for each individual time zone. Once the Calendar Profile is applied to the Wireless Policy Profile, changes to the start and end times in the Calendar Profile will be reflected in the Wireless Policy Profile. The Wireless Policy Profile can be created within the WLC GUI or CLI, but in order to apply the Calendar Profile, the CLI needs to be used. To apply the Calendar Profile, connect to the CLI and apply the following configuration:

wireless profile policy <Policy Name>

calender-profile name <Calendar Profile Name>

action <deny-client / wlan_enable>

Notes:

• The Wireless Policy Profile will need to be shut before the Calendar Profile can be applied.

o If it has already been mapped in a Policy Tag, the Wireless Policy Profile can remain mapped.

Example configurations to apply the Calendar Profiles to the Wireless Policy Profiles in FlexConnect deployments for Pacific Time, Eastern Time, and Hawaii Time are shown below. In the examples, clients will only be able to connect to the WLANs only during the configured times.

13 of 13

wireless profile policy Pacific_Time_Corporate

calender-profile name Pacific_Workdays_8am_to_5pm

action wlan_enable

no central association

no central dhcp

no central switching

no shutdown

wireless profile policy Eastern_Time_Corporate

calender-profile name Eastern_Workdays_8am_to_5pm

action wlan_enable

no central association

no central dhcp

no central switching

no shutdown

wireless profile policy Hawaiian_Time_Corporate

calender-profile name Hawaii_Workdays_8am_to_5pm

action wlan_enable

no central association

no central dhcp

no central switching

no shutdown

Once the Calendar Profile is applied, the Wireless Policy Profile can be used in a Policy Tag as usual.